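/// <summary>
/// Attempts to authenticate the current request from an HTTP Basic <c>Authorization</c> header.
/// On success the user is logged into <paramref name="userSession"/> and signed in through
/// <paramref name="authenticationService"/>.
/// </summary>
/// <param name="userSession">Session that receives the user's id, name and email on success.</param>
/// <param name="context">Current request. The response status code is set to 400 for a missing or
/// malformed header and to 401 when the credentials are rejected.</param>
/// <param name="authenticationService">Service used to issue the authentication ticket.</param>
/// <returns><c>true</c> when the credentials were accepted and the user was signed in; otherwise <c>false</c>.</returns>
private async Task<bool> LoginUsingBasicAuth(UserSession userSession, HttpContext context, IAuthenticationService authenticationService)
{
    // Disposed at the end of the block so the elapsed time of the whole attempt is recorded.
    using (StopWatchTimer stopWatchTimer = StopWatchTimer.Initialise(_autoLoginBasicAuthLogin))
    {
        string authData = context.Request.Headers[SharedPluginFeatures.Constants.HeaderAuthorizationName];

        // An absent header converts to null, so guard before dereferencing. The scheme token is
        // case-insensitive (RFC 7617) but never culture dependent, hence an ordinal comparison.
        if (String.IsNullOrEmpty(authData) || !authData.StartsWith("Basic ", StringComparison.OrdinalIgnoreCase))
        {
            context.Response.StatusCode = 400;
            return false;
        }

        try
        {
            // "Basic " is six characters; the remainder is the base64-encoded "user:password" pair.
            authData = System.Text.Encoding.GetEncoding("ISO-8859-1").GetString(Convert.FromBase64String(authData.Substring(6)));
        }
        catch (FormatException)
        {
            context.Response.StatusCode = 400;
            return false;
        }

        // Split on the first colon only: RFC 7617 forbids ':' in the user-id but allows it in the
        // password, so a password containing ':' must not be turned into a 400.
        string[] authParts = authData.Split(':', 2);

        // Both the user-id and the password must be present and non-empty.
        if (authParts.Length != 2 || authParts[0].Length == 0 || authParts[1].Length == 0)
        {
            context.Response.StatusCode = 400;
            return false;
        }

        UserLoginDetails loginDetails = new UserLoginDetails();
        LoginResult loginResult = _loginProvider.Login(authParts[0], authParts[1], GetIpAddress(context), 1, ref loginDetails);

        if (loginResult != LoginResult.Success)
        {
            context.Response.StatusCode = 401;
            return false;
        }

        userSession.Login(loginDetails.UserId, loginDetails.Username, loginDetails.Email);

        await authenticationService.SignInAsync(
            context,
            _loginControllerSettings.AuthenticationScheme,
            new ClaimsPrincipal(_claimsProvider.GetUserClaims(loginDetails.UserId)),
            _claimsProvider.GetAuthenticationProperties());

        return true;
    }
}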
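/// <summary>
/// Middleware entry point. When the request has a session that is not yet logged in and carries
/// the "remember me" cookie, tries to restore the login from that cookie before handing the
/// request to the next middleware.
/// </summary>
/// <param name="context">Current request context.</param>
public async Task Invoke(HttpContext context)
{
    using (StopWatchTimer stopwatchTimer = StopWatchTimer.Initialise(_loginTimings))
    {
        UserSession userSession = GetUserSession(context);

        // Auto-login only applies to an anonymous session that presents the remember-me cookie.
        if (userSession != null &&
            String.IsNullOrEmpty(userSession.UserName) &&
            CookieExists(context, _loginControllerSettings.RememberMeCookieName))
        {
            using (StopWatchTimer stopwatchAutoLogin = StopWatchTimer.Initialise(_autoLoginTimings))
            {
                // CookieValue is handed the encryption key; presumably it returns the decrypted
                // payload (the user id written at login) or the String.Empty default — confirm.
                string cookieValue = CookieValue(context, _loginControllerSettings.RememberMeCookieName, _loginControllerSettings.EncryptionKey, String.Empty);
                bool restored = false;

                // The id was written by this application, so parse it culture-invariantly rather
                // than with whatever culture the request thread happens to have.
                if (Int64.TryParse(cookieValue, System.Globalization.NumberStyles.Integer, System.Globalization.CultureInfo.InvariantCulture, out long userId))
                {
                    UserLoginDetails loginDetails = new UserLoginDetails(userId, true);
                    LoginResult loginResult = _loginProvider.Login(String.Empty, String.Empty, base.GetIpAddress(context), 1, ref loginDetails);

                    if (loginResult == LoginResult.Remembered)
                    {
                        userSession.Login(userId, loginDetails.Username, loginDetails.Email);

                        await _authenticationService.SignInAsync(
                            context,
                            _loginControllerSettings.AuthenticationScheme,
                            new ClaimsPrincipal(_claimsProvider.GetUserClaims(loginDetails.UserId)),
                            _claimsProvider.GetAuthenticationProperties());

                        restored = true;
                    }
                }

                // An unparseable cookie or a provider result other than Remembered invalidates the
                // cookie so the attempt is not repeated on every request.
                if (!restored)
                {
                    CookieDelete(context, _loginControllerSettings.RememberMeCookieName);
                }
            }
        }
    }

    await _next(context);
}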
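/// <summary>
/// Handles a submitted login form: checks the captcha when one has been issued to this client,
/// asks the login provider to verify the credentials and, on success, establishes the session,
/// the optional remember-me cookie and the authentication ticket before redirecting.
/// </summary>
/// <param name="model">Posted login form.</param>
/// <returns>A redirect on success (to the change-password page when the provider requires it),
/// a redirect to the locked-account page, or the login view with model errors.</returns>
/// <exception cref="ArgumentNullException"><paramref name="model"/> is null.</exception>
public IActionResult Index(LoginViewModel model)
{
    if (model == null)
    {
        throw new ArgumentNullException(nameof(model));
    }

    LoginCacheItem loginCacheItem = GetCachedLoginAttempt(true);

    // A captcha is in force once CaptchaText has been issued (set at the end of an earlier
    // attempt). A wrong answer must prevent the credential check itself; otherwise a correct
    // password still logs the user in and the captcha protects nothing.
    bool captchaValid = String.IsNullOrEmpty(loginCacheItem.CaptchaText) ||
        loginCacheItem.CaptchaText.Equals(model.CaptchaText, StringComparison.Ordinal);

    if (!captchaValid)
    {
        ModelState.AddModelError(String.Empty, Languages.LanguageStrings.CodeNotValid);
    }

    // Every submission counts as an attempt, whether or not the captcha was right.
    loginCacheItem.LoginAttempts++;
    model.ShowCaptchaImage = loginCacheItem.LoginAttempts >= _settings.CaptchaShowFailCount;
    model.Breadcrumbs = GetBreadcrumbs();
    model.CartSummary = GetCartSummary();

    if (captchaValid)
    {
        UserLoginDetails loginDetails = new UserLoginDetails();
        LoginResult loginResult = _loginProvider.Login(model.Username, model.Password, GetIpAddress(), loginCacheItem.LoginAttempts, ref loginDetails);

        switch (loginResult)
        {
            case LoginResult.Success:
            case LoginResult.PasswordChangeRequired:
                RemoveLoginAttempt();
                UserSession session = GetUserSession();

                if (session != null)
                {
                    session.Login(loginDetails.UserId, loginDetails.Username, loginDetails.Email);
                }

                if (model.RememberMe)
                {
                    // The id is parsed back by the auto-login middleware, so format it
                    // culture-invariantly.
                    CookieAdd(_settings.RememberMeCookieName, Encrypt(loginDetails.UserId.ToString(System.Globalization.CultureInfo.InvariantCulture), _settings.EncryptionKey), _settings.LoginDays);
                }

                // The action is synchronous, so the sign-in has to be completed here rather than
                // left as an unobserved task: otherwise the redirect can be sent before the
                // authentication ticket is written and any failure is silently lost. ASP.NET Core
                // has no synchronization context, so waiting cannot deadlock; the cleaner fix is
                // to make the action async Task<IActionResult>, which changes its signature.
                GetAuthenticationService().SignInAsync(
                    HttpContext,
                    _settings.AuthenticationScheme,
                    new ClaimsPrincipal(_claimsProvider.GetUserClaims(loginDetails.UserId)),
                    _claimsProvider.GetAuthenticationProperties()).GetAwaiter().GetResult();

                if (loginResult == LoginResult.PasswordChangeRequired)
                {
                    return Redirect(_settings.ChangePasswordUrl);
                }

                // Only follow a local return URL; redirecting to a caller-supplied absolute URL
                // would make this an open redirect.
                return Redirect(Url.IsLocalUrl(model.ReturnUrl) ? model.ReturnUrl : "/");

            case LoginResult.AccountLocked:
                return RedirectToAction(nameof(AccountLocked), new { username = model.Username });

            case LoginResult.InvalidCredentials:
                ModelState.AddModelError(String.Empty, Languages.LanguageStrings.InvalidUsernameOrPassword);
                break;
        }
    }

    // Issue a fresh captcha for the next attempt once the failure threshold has been reached.
    if (model.ShowCaptchaImage)
    {
        loginCacheItem.CaptchaText = GetRandomWord(_settings.CaptchaWordLength, CaptchaCharacters);
    }

    return View(model);
}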